include much needed antivirus products in FC2
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Tue Jan 6 21:17:38 UTC 2004
tmus at get2net.dk (Thomas M Steenholdt) writes:
>>* daemon runs as root by default -> bad flaw since it works as non-root
>> also. Please do not begin with SELinux; it's not the solution for all
>> security problems and not available in FC1 or below.
>>
>>* default logging and sockets are suggested to be under /tmp
>> -> man symlink-attack, man tmpwatch
> ...
> That's why it would be natural to fix those kinds of things in a
> package, so that it would work immediately after installation...
This request is void in this case. The daemon is not needed for
normal workstation usage and 'clamscan' from main-package works
without configuration. When you need the daemon e.g. for mailserver
integration, you have to read lots of documentation nevertheless and
the small README from the -server package will not hurt.
Another -- and preferred by me -- method would be a setup-package for
the mailserver which takes the templates from clamav-server and replaces
the '@...@' strings with the needed values. Already in use locally for a
mimedefang based solution.
> Again - I realize that a default configuration will not suit all,
A default configuration will suit nobody's needs since most data which
are checked for virii are sensible and should not be readable for (most)
non-root users. Communication sockets for the server must be protected
too.
> But installing a package should provide a basic working setup of
> whatever that package contains.
No, a secure basic setup is much more important.
Enrico
More information about the fedora-devel-list
mailing list